At Dragontail Systems Ltd. its subsidiaries or affiliated companies ("Dragontail" or "we"), we
recognize that privacy is important. This privacy policy ("Privacy Policy") applies to all
access to and use of Dragontail’s services and/or products(collectively, the "Services").
‘Personally Identifiable Information’ ("PII") is information that can be used on its
own or with other information to identify, contact, or locate a single person, or to identify an
individual in context. When you, the user (the "User") and/or the User’s end users or
customers ("End User(s)" and "User" shall collectively be referred to as "you" or "your") uses
the Services, your PII or the PII of your End Users (who have consented to your use of their PII
in accordance with the terms of this Privacy Policy), which for the purposes hereunder will also
be referred to as "your PII", as applicable, will be processed subject to the terms of this
Privacy Policy. Please read our Privacy Policy carefully to get a clear understanding of how we
organize, collect, use, protect or otherwise handle your PII.
You are not legally required
to provide PII, however, in order to enable you to access and use the Services, we require that
you provide PII pursuant to this Privacy Policy. By using the Services you consent to this
Privacy Policy, inclusive of the terms described herein.
If you have any questions about
this Privacy Policy, please feel free to contact us at dpo@dragontail.com.
1. Information and How We Use It
We may collect, process and use
the data which includes PII, the legal basis of which is your consent, which you give when you
use the Services. Types of PII that may be used include the following, without limitation;
1.1. We may process data about your use of the Services ("User Data"). User
Data may include your IP address, location, type of browser and version, operating system,
referral source, visit length, page views and website navigation paths, as well as information
about the frequency and timing of your use of the Services. We may use cookies as a source of
User Data (see our cookie policy in Section 8 below). User Data may be processed in the
manner set forth in this privacy policy for the purposes of analyzing the use of the Services,
improving and customizing the Services, ensuring the security of our Services, maintaining
back-ups of our databases and communicating with you.
1.2. When ordering
or registering our Services you may be asked to enter your name, company name, email address,
mailing address, telephone number, or other details ("Entered Data"). You are the source of such
account data, and such data may be processed for the purposes of, providing the Services,
ensuring the security of the Services, maintaining back-ups of our databases and communicating
with you.
1.3. We may process information that you provide to us for the
purpose of subscribing to our email notifications ("Notification Data") provided that you have
specifically consented to receive the same. The Notification Data may be processed for the
purposes of sending you relevant Notification Data.
1.4. We may process
information contained in or relating to any communication that you send to us ("Correspondence
Data"), for example, when signing up for our newsletter or respond to a survey or marketing
communication. The Correspondence Data may include communication content and/or metadata
associated such communication. The Correspondence Data may be processed for communicating with
you and record-keeping.
1.5. We may collect and retain metadata and
statistical information concerning the use of the Services which are not subject to the deletion
procedures in this Privacy Policy and may be retained by us for no more than required to conduct
its business. Some data may be retained also on our third-party service providers’ servers
in accordance with their retention policies. You will not be identifiable from this retained
metadata or statistical information.
1.6. We may process any of the types
of data described in this Section 1 if we are required to do so by court order, any legal
obligation to which we are subject, or when necessary, for the establishment, exercise or
defence of legal claims. The legal basis for this processing is our legitimate interests, namely
of Dragontail’s legal rights, your legal rights and the legal rights of others.
1.7. Please do not supply any other person’s PII (including End
Users’) to us without the specific and explicit consent of all parties, including the
owner of such PII.
2. Drivers’ App
2.1. Drivers’ App does
not use location when it’s completely closed.
3. Providing Your PII to Others
3.1. We may disclose PII to any member of our group of companies, including
subsidiaries (if any), holding companies and all of their respective subsidiaries (if any),
insofar as reasonably necessary for the purposes set out in this Privacy Policy.
3.2. We may disclose your PII to professional advisers insofar as reasonably
necessary for the purposes of obtaining and maintaining insurance coverage, managing risks,
obtaining professional advice and managing legal disputes.
3.3. We may
disclose your PII to third-party service providers, vendors and subcontractors reasonably
necessary to provide the Services. Such third-party provider’s vendors and subcontractors
will only use the PII to the extent necessary to allow them to perform the Services they provide
to Dragontail.
3.4. We will only disclose your PII to third parties who
provide sufficient guarantees that they implement appropriate technical and organizational
measures in such a manner that their processing of your PII will meet the requirements of Data
Protection Regulation (as defined below) and ensure the protection of your rights and with whom
we have written contracts that conform to our legal obligations under Data Protection
Regulation.
4. International Transfers of Your PII
4.1. In
this Section 3, we provide information about the circumstances in which your PII may be
transferred to countries worldwide including inside and outside the European Economic Area
("EEA").
4.2. We and our other group companies have facilities in Israel,
USA, Australia, and Canada. "Adequacy decisions" of the European Commission have been made with
respect to the data protection laws of each of these countries except Canada, and in the
US.
4.3. Transfers to countries inside and outside the EEA will be
protected by appropriate safeguards, namely the provisions of applicable law which relate to the
protection of individuals with regards to the Processing of Personal Data to which a party may
be subject including, without limitation, the General Data Protection Regulation (EU) 2016/679,
the Data Protection Act 1998, the Regulation of Investigatory Powers Act 2000, the
Telecommunications (Lawful Business Practice) (Interception of Communications) Regulation 2000,
the Electronic Communications Data Protection Directive 2002/58/EC, the Privacy and Electronic
Communications (EC Directive) Regulations 2003 and, where applicable, the guidance and code of
practice issued by the Information Commissioner’s Office from time to time, directions of
any competent regulatory authority, relevant regulatory guidance and codes of practice
(collectively "Data Protection Regulation") or to the extent transfers will cross borders to
outside the EEA, such transfer shall be carried out in accordance with standard contractual
clauses annexed to the EU Commission Decision 2010/87/EU of 5 February 2010 for the Transfer of
Personal Data to Processors established in Third Countries under the Directive (the "Model
Clauses").
4.4. The hosting facilities for our Services are situated in
within the region of service, in the USA, Israel, Canada or Australia.
4.5. You acknowledge that PII submitted by you for transmission through the
Services may be transmitted around the world via the internet for the purpose of performing the
Services and subject to the terms of this Privacy Policy and your agreement with us to purchase
the Services.
5. Retaining and Deleting PII
5.1. This Section 4
sets out our data retention policies and procedures, which are designed to help ensure that we
comply with our legal obligations in relation to the retention and deletion of PII.
5.2. We will retain and delete your PII as follows:
5.3.
PII will be retained for up to a period of one year following the end of the Services after
which period it will be deleted from our systems unless otherwise required under applicable
law.
5.4. Notwithstanding the other provisions of this Privacy Policy, we
may retain your PII where such retention is necessary for compliance with a legal obligation to
which we are subject, or in order to protect your vital interests or the vital interests of
another natural person.
6. Your Rights
6.1. In this Section 5, we have done our best to
summarize the rights that you may have under applicable data protection law. These are complex,
and not all of the details have been included herein. In light of this, you should read the
relevant laws and guidance from the regulatory authorities for a full explanation of these
rights.
6.2. End Users principal rights under data protection law
are:
(a) the right to access;
(b) the right to rectification;
(c) the right to
erasure;
(d) the right to restrict processing;
(e) the right to object to
processing;
(f) the right to data portability;
(g) the right to complain to a
supervisory authority; and
(h) the right to withdraw consent.
You have the right to
confirmation as to whether or not we process your PII and, where we do, access to the PII,
together with certain additional information. That additional information includes details of
the purposes of the processing, the categories of PII concerned and the recipients of the PII.
Providing the rights and freedoms of others are not affected, and as requested or approved by
you, we will supply to you a copy of your PII. The first copy will be provided free of charge,
but additional copies may be subject to a reasonable fee. You can request to access your PII by
requesting an e-mail summary from dpo@dragontail.com.
6.3. You
have the right to have any inaccurate PII about you rectified and, taking into account the
purposes of the processing, to have any incomplete PII about you completed.
6.4. In some circumstances you have the right to the erasure of your PII, by
providing adequate evidence attesting to your identity, without undue delay. Those circumstances
include: the PII is no longer necessary in relation to the purposes for which they were
collected or otherwise processed; you withdraw consent to consent-based processing; and the PII
have been unlawfully processed. There are certain general exclusions of the right to erasure.
Those general exclusions include where processing is necessary: for compliance with a legal
obligation; or for the establishment, exercise or defence of legal claims.
6.5. In some circumstances, you have the right to restrict the processing of
your PII. Those circumstances are: you contest the accuracy of the PII; processing is unlawful
but you oppose erasure; we no longer need the PII for the purposes of our processing, but you
require PII for the establishment, exercise or defence of legal claims; and you have objected to
processing, pending the verification of that objection. Where processing has been restricted on
this basis, we may continue to store your PII. However, we will only otherwise process it: with
your consent; for the establishment, exercise or defence of legal claims; for the protection of
the rights of another natural or legal person; or for reasons of important public
interest.
6.6. You have the right to object to our processing of your PII
on grounds relating to your particular situation, but only to the extent that the legal basis
for the processing is necessary for: the performance of a task carried out in the public
interest or in the exercise of any official authority vested in us; or the purposes of the
legitimate interests pursued by us or by a third party. If you make such an objection, we will
cease to process the PII unless we can demonstrate compelling legitimate grounds for the
processing which override your interests, rights and freedoms, or the processing is for the
establishment, exercise or defence of legal claims.
6.7. To the extent
that the legal basis for our processing of your PII is consent, and such processing is carried
out by automated means, you have the right to receive your PII from us in a structured, commonly
used and machine-readable format. However, this right does not apply where it would adversely
affect the rights and freedoms of others.
6.8. If you consider that our
processing of your PII infringes Data Protection Regulations, you have a legal right to file a
complaint with a supervisory authority responsible for data protection. You may do so in the EU
member state of your habitual residence, your place of work or the place of the alleged
infringement.
6.9. To the extent that the legal basis for our processing
of your PII is consent, you have the right to withdraw that consent at any time. Withdrawal will
not affect the lawfulness of processing before the withdrawal.
6.10. You may exercise any
of your rights in relation to your PII by written notice to us in addition to the other methods
specified in this Section 5.
7. Opt-in
When you provide us with PII for a secondary reason,
like marketing or other secondary reasons which we will convey to you from time to time if
applicable, we will ask for your consent. After you opt-in, you may withdraw your consent at any
time, by contacting us at dpo@dragontail.com.
8. Information Security
8.1. We follow generally
accepted industry standards to protect against unauthorized access to or unauthorized use,
alteration, disclosure or destruction of PII. However, no method of transmission over the
Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use
commercially acceptable means to protect PII, we cannot guarantee its absolute security.
8.2. The PII is contained behind secured networks and is only accessible by a
limited number of persons who have special access rights to such systems, and are required by
contract to keep the information confidential.
8.3. We implement a
variety of security measures when a user places an order, enters, submits, or accesses their
information to maintain the safety of the PII.
9. Cookies
9.1. Cookies are small files that a
site or its service provider transfers to your computer’s hard drive through your Web
browser (if you allow) that enables the site’s or service provider’s systems to
recognize your browser and capture and remember certain information. They are also used to help
us understand your preferences based on previous or current site activity, which enables us to
provide you with improved services. We also use cookies to help us compile aggregate data about
site traffic and site interaction so that we can offer better site experiences and tools in the
future.
9.2. Among other purposes, we use cookies to understand and save
the user’s preferences for future visits.
9.3. You can choose to
have your computer warn you each time a cookie is being sent, or you can choose to turn off all
cookies. You do this through your browser settings. Since each browser is a little different,
look at your browser’s Help Menu to learn the correct way to modify your cookies.
9.4. If you turn cookies off, some of the features that make your site
experience more efficient may not function properly.
9.5. Cookies will
not be used for any purpose other than stated in this Privacy Policy.
10. California Online Privacy Protection Act
10.1.
CalOPPA is the first state law in the nation to require commercial websites and apps and online
services to post a privacy policy. The law’s reach stretches well beyond California to
require any person or company in the United States (and conceivably the world) that operates an
app and/or website collecting Personally Identifiable Information from California consumers to
post a conspicuous privacy policy on its app and/or website stating exactly the information
being collected and those individuals or companies with whom it is being shared.
10.2. According to CalOPPA, we agree to the following:
(a) Users can
visit our site anonymously.
(b) Once this Privacy Policy is created, we will add a link to
it on our home page or as a minimum, on the first significant page after accessing our
Services.
(c) Our Privacy Policy link includes the word ‘Privacy’ and can
easily be found on the page specified above.
11. Do Not Track Signals
11.1. We honour Do Not
Track signals and Do Not Track, plant cookies, or use advertising when a Do Not Track (DNT)
browser mechanism is in place.
11.2. To the extent legally permitted we
may allow third-party behavioural tracking.
12. COPPA (Children Online Privacy Protection Act)
12.1.
When it comes to the collection of PII from children under the age of 13 years old, the
Children’s Online Privacy Protection Act (COPPA) puts parents in control. The Federal
Trade Commission, United States’ consumer protection agency, enforces the COPPA Rule,
which spells out what operators of websites and online services must do to protect
children’s privacy and safety online.
12.2. We do not market to
children under the age of 13 years old, and 13-year-olds are prohibited from using our Services
without proper consents from guardians as detailed hereunder.
13. Fair Information Practices
13.1. The Fair
Information Practices Principles form the backbone of privacy law in the United States and the
concepts they include have played a significant role in the development of data protection laws
around the globe. Understanding the Fair Information Practice Principles and how they should be
implemented is critical to comply with the various privacy laws that protect PII.
13.2. In order to be in line with Fair Information Practices we will take the
following responsive action, should a data breach occur:
13.2.1. We will
notify you within the time required by applicable law, but no later than three business days
from becoming aware of any such breach.
13.2.2. We also agree to the
Individual Redress Principle which requires that individuals have the right to legally pursue
enforceable rights against data collectors and processors who fail to adhere to the law. This
principle requires not only those individuals have enforceable rights against data users, but
also that individuals have recourse to courts or government agencies to investigate and/or
prosecute non-compliance by data processors.
14. CAN SPAM Act
14.1. The CAN-SPAM Act is a law that
sets the rules for commercial email, establishes requirements for commercial messages, gives
recipients the right to have emails stopped from being sent to them, and spells out tough
penalties for violations.
14.2. We collect your email address in order
to:
14.2.1. Send information, respond to inquiries, and/or other requests
or questions
14.2.2. Process orders and to send information and updates
pertaining to orders.
14.2.3. Send you additional information related to
the Services.
14.2.4. Market to our mailing list or continue to send
emails to our customers after the original transaction has occurred.
14.3. To be in accordance with CANSPAM, we agree to the following:
(a)
Not use false or misleading subjects or email addresses.
(b) Identify the message as an
advertisement in some reasonable way.
(c) Include the physical address of our business or
site headquarters.
(d) Monitor third-party email marketing services for compliance, if one
is used.
(e) Honour opt-out/unsubscribe requests quickly.
(f) Allow users to
unsubscribe by using the link at the bottom of each email.
15. Third-party Direct Collectors
15.1. In
general, the third-party providers used by us will only collect, use and disclose your
information to the extent necessary to allow them to perform the Services they provide to us.
However, certain third-party service providers, have their own privacy policies with respect to
the information we are required to provide to them for your purchase-related transactions.
15.2. For these providers, we recommend that you read their privacy policies so
you can understand the manner in which your PII will be handled by these providers. In
particular, remember that certain providers may be located in or have facilities that are
located in a different jurisdiction than either you or us. So if you elect to proceed with a
transaction that involves the services of a third-party service provider, then your information
may become subject to the laws of the jurisdiction(s) in which that service provider or its
facilities are located.
15.3. Once you cease to use or access our website
or Services or are redirected to a third-party app or website or application, you are no longer
governed by this Privacy Policy or our Terms of Service.
16. Third-party Links
Occasionally, at our discretion, we may
include or offer third-party products or services on the website. These third-party sites have
separate and independent privacy policies. We, therefore, have no responsibility or liability
for the content and activities of these linked sites. Nonetheless, we seek to protect the
integrity of our site and welcome any feedback about these sites.
17. Age of Consent
By using our Services , you represent that you
are at least the age of majority in your state, province or country of residence, or that you
are the age of majority in your state, province or country of residence and you have given us
your consent to allow any of your minor dependents to use this site.
18. Law and Jurisdiction
18.1. The law that
applies our Services and the Privacy Policy is the law of the State of Israel alone.
18.2. Exclusive jurisdiction to hear any dispute regarding our Services and/or
the Privacy Policy and anything deriving thereunder is conferred to the competent court in the
district of Tel Aviv-Jaffa, Israel.
19. Changes to the Privacy Policy
19.1. We
reserve the right to modify this Privacy Policy at any time, so please review it frequently.
Changes and clarifications will take effect immediately upon their posting on our website. If we
make material changes to this policy, we will notify you here that it has been updated, so that
you are aware of what information we collect, how we use it, and under what circumstances, if
any, we use and/or disclose it.
19.2. If we are acquired or merged with
another company, your information may be transferred to the new owners so that we may continue
to provide our Services to you.
20. Contacting Us
If there are any questions regarding this Privacy
Policy, you may contact us and our Data Protection Officer using the information below: dpo@dragontail.com.
21. Last updated: October 9, 2018.